// Select the 'nocache' session cache limiter so the session layer emits no-cache headers for this
// authorization endpoint once a session is started.
session_cache_limiter('nocache');
// Module configuration; the same object is handed to the client store below.
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);
// client_id is caller-controlled: $_REQUEST merges GET and POST (and cookies, depending on the
// request_order / variables_order ini settings), and the value reaches the store without a type check.
// NOTE(review): PHP turns bracketed parameter names into arrays, so this may not be a string —
// confirm getClient() tolerates non-string input, and what it returns for an unknown id.
// $client is left undefined when no client_id was sent; the isset($client) test that follows relies on that.
if (isset($_REQUEST['client_id'])) {
    $client = $clientStore->getClient($_REQUEST['client_id']);
}
if (isset($client)) {
    $as = new SimpleSAML_Auth_Simple($config->getValue('authsource'));
    $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client);
    $as->requireAuth($params);
    if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) && count($client['redirect_uri']) > 0) {
        $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0];
        $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client);
        if ($legalRedirectUri) {
            $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, isset($_REQUEST['scope']) ? explode(' ', $_REQUEST['scope']) : array());
            $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes);
            if (count($invalidScopes) == 0) {
                if (isset($_REQUEST['response_type']) && ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) {
                    $state = array('clientId' => $_REQUEST['client_id'], 'redirectUri' => isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : null, 'requestedScopes' => array_unique($requestedScopes), 'returnUri' => $returnUri, 'response_type' => $_REQUEST['response_type']);
                    if (array_key_exists('state', $_REQUEST)) {
                        $state['state'] = $_REQUEST['state'];
                    }
                    $stateId = SimpleSAML_Auth_State::saveState($state, 'oauth2server:authorization/consent');
                    $consentUri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php'), array('stateId' => $stateId));
                    SimpleSAML\Utils\HTTP::redirectTrustedURL($consentUri);
                } else {
                    if (!isset($_REQUEST['response_type'])) {
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing response type', 'MISSING_RESPONSE_TYPE', array());
                    } else {
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unsupported_response_type', 'unsupported response type: ' . $_REQUEST['response_type'], 'UNSUPPORTED_RESPONSE_TYPE', array('RESPONSE_TYPE' => $_REQUEST['response_type']));
                    }
 /**
  * findInvalidScopes() must report only the requested scopes that the client does not define.
  *
  * The expectation keeps key 1, which is the index 'SCOPE3' has in the requested list.
  *
  * @group unit
  * @group utility
  */
 public function testFindInvalidScopeForClientWithScopes()
 {
     $registeredClient = array(
         'scope' => array('SCOPE1' => false, 'SCOPE2' => false),
     );
     $requested = array('SCOPE1', 'SCOPE3');

     // SCOPE1 is defined for the client; SCOPE3 is not, so it alone must be reported.
     $expected = array(1 => 'SCOPE3');
     $actual = \sspmod_oauth2server_Utility_Uri::findInvalidScopes($registeredClient, $requested);

     $this->assertEquals($expected, $actual);
 }